I've configured Cisco ASA 55x series to authenticate Anyconnect clients using certificate with Microsoft standalone CA server (Win 2008). Everything goes fine on Windows clients. When the client who's using Debian Linux, they cannot connect to VPN due to "Certificate Validation Failure" error. What I've done on Debian clients:

1. Installed root CA certificate on client's machine in /etc/ssl/certs directory and created a symlink of this directory into /opt/.cisco/certificates/ca

2. Installed client certificate and private key in /opt/.cisco/certificates/client and /opt/.cisco/certificates/client/private/ dirs accordingly.

3. Restarted vpnagent daemon.

Unfortunately, it doesn't work. The version of the AnyConnect client is 3.1.04072. I tried to log-in to VPN server using Iceweasel browser from the Debian machine with certificate authentication by importing client certificate to the browser, and I succeeded. 

The client certificate was converted by openssl from a client certificate that works on Windows machine.

How can I solve this issue?